Applies To:

Show Versions

BIG-IP WebAccelerator

10.2.1

Release Note:BIG-IP WebAccelerator version 10.2.1

Original Publication Date: 08/27/2013

Summary:

This release note documents the version 10.2.1 release of BIG-IP® WebAccelerator™ system. To review what is new and fixed in this release, refer to New in version 10.2.1 and Fixed in version 10.2.1. For existing customers, you can apply the software upgrade to versions 9.4.x and 10.x. For information about installing the software, refer to Installing the software.

You can find the product documentation and the solutions database on the AskF5 Knowledge Base web site.

Supported browsers

The Configuration utility (graphical user interface) supports the following browsers:

Microsoft® Internet Explorer®, version 6.0x and 7.0x

Mozilla® Firefox®, version 1.5x, 2.0x, and 3.0x

Note: We recommend that you leave the browser cache options at the default settings.

Important: Popup blockers and other browser add-ons or plug-ins may affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.

Installing the software

Note: As of version 9.4.4, the BIG-IP® WebAccelerator™ system can send Accept-Encoding headers with the value of gzip to the origin web server, which optimizes bandwidth requirements in certain network configurations by compressing content. The Accept-Encoding gzip feature is installed, but disabled by default in the pvsystem.conf file. To enable the Accept-Encoding gzip feature, see Enabling the Accept-Encoding gzip feature in the Optional Configuration Changes section.

This section lists only the very basic steps for installing the software. The BIG-IP® Systems: Getting Started Guide contains details and step-by-step instructions for completing an installation. F5 recommends that you consult the getting started guide for all installation operations.

Before you begin, ensure that you have completed the following:

Reformat for the 10.1.x and later partition size, if needed (partitions created using version 9.x or 10.0.x do not accommodate the 10.1.x and later software).

Reactivate the license and update the service contract.

Downloaded the .iso file from F5 Downloads to /shared/images on the source for the operation.
(If you need to create this directory, use this exact name /shared/images.)

Check that the drives have at least minimal formatting.

Configure a management port.

Set the baud rate to 19200, if it is not already.

Log on using the management port of the system you want to upgrade.

Log on to an installation location other than the target for the installation.

Log on using an account with administrative rights.

Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location.

Log on to the standby unit, and upgrade the active unit after the standby upgrade is satisfactory.

Turn off mirroring.

If you are upgrading from 9.3.x or 9.4.x, run im <downloaded_filename.iso> to copy over the new installation utility.

If you are running WAN Optimization Module™, set the module's provisioning to Minimum before upgrading.

Installation consists of the following steps.

To copy the upgrade utility, run the command im (for first-time 9.x-to-10.x installation).

To install the software and roll forward the configuration on the active installation location, use one of the following methods:

Warning: Do not use the --nomoveconfig option described in the following procedure on systems with existing, running installations of Application Security Manager. Doing so removes all content from the associated database. Instead, ensure that the configuration on the source installation location matches the one on the destination. To do so, save the UCS configuration on the location you want to preserve, and apply that configuration to the destination before or after the installation operation.

To format for volumes and migrate the configuration from the source to the destination (for fully 10.x environments), run the command:image2disk --format=volumes <downloaded_filename.iso>

To format for volumes and preserve the configuration on the destination (for fully 10.x environments), run the command:image2disk --nomoveconfig --format=volumes <downloaded_filename.iso>

To format for partitions (for mixed 9.x and 10.x environments), run the command:image2disk --format=partitions <downloaded_filename.iso>

To install from the command line without formatting (not for first-time 10.x installation), run the command:bigpipe software desired HD<n.n>version 10.x build <nnnn.n> product BIG-IP

To install from the version 10.x browser-based Configuration utility, use the Software Management screens.

After the installation finishes, you must complete the following steps before the system can pass traffic.

Ensure the system rebooted to the new installation location.

Log on to the browser-based Configuration utility.

Run the Setup utility, if needed.

Provision the modules.

Each of these steps is covered in detail in the BIG-IP® Systems: Getting Started Guide, and we strongly recommend that you reference the guide to ensure successful completion of the installation process.

For specific information about the initial configuration of the BIG-IP® WebAccelerator™ system, see Chapter 3, Configuration and Maintenance, in the Configuration Guide for the BIG-IP® WebAccelerator™ System. All product documentation is located on the AskF5 Knowledge Base web site.

Supported UCS files

The BIG-IP® WebAccelerator™ system supports UCS files from all version 9.4 releases.

Supported system configuration files

The BIG-IP® WebAccelerator™ system saves the system configuration file, pvsystem.conf, to the /config/wa directory for all version 9.4 releases. If you are upgrading from a previous version of the BIG-IP® WebAccelerator™ system, review the following information.

Upgrading from version 9.4.x to 10.2.x

If you plan to install this version of the software onto a system running 9.4.x, you must perform a one-time upgrade procedure to make your system ready for the new installation process. When you update from software version 9.4.x to 10.2.x, you cannot use the Software Management screens in the Configuration utility. Instead, you must run the image2disk utility on the command line. For information about using the image2disk utility, see the BIG-IP® Systems: Getting Started Guide.

The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.

When upgrading from version 9.4.x to version 10.2.x, the BIG-IP® WebAccelerator™ system replaces the /config/wa/pvsystem.conf configuration file with the version 10.2.x default configuration and saves the previous version's configuration file as /config/wa/pvsystem.conf.9.4.x. If you modified the default 9.4.x configuration and want to apply the same changes to to version 10.2.x, you must edit the new /config/wa/pvsystem.conf as required.

Important: The 9.4.x configuration file is not fully compatible with version 10.2.x. Do not restore a version 9.4.x configuration file over the default 10.2.x configuration file.

For specific information about how to modify the pvsystem.conf file, refer to the Changing Default Settings chapter of the Configuration Guide for the BIG-IP® WebAccelerator™ System.

Fixed in version 10.2.1

Features and fixes introduced in prior release

The current release includes the features and fixes that were distributed in prior releases, as listed below. (Prior releases are listed with the most recent first.)

Features introduced in version 10.2.0

Integrated WebAccelerator Configuration utility
Previously, the WebAccelerator Configuration utility opened in a secondary window. The WebAccelerator Configuration utility is now fully integrated into the BIG-IP® Configuration utility.

Features introduced in version 10.1

Configuration synchronization for an optional symmetrical deployment (CR118165)
To properly synchronize configurations among systems in a symmetric deployment, the clocks on each of the systems in the deployment must be set to the same time, and an NTP server must be configured for each. If you add a new remote system to a symmetrical deployment and the clock is not set to the same time as the central system, or if you do not configure an NTP server, the synchronization fails when you run the wam_add.pl script (required to exchange SSL certificates). Starting in version 10.0.1, when you add a new system to a symmetric deployment and run the wam_add.pl script, the WebAccelerator system checks the time on all of the systems in the symmetric deployment and verifies that an NTP server is specified for each system. If the system clocks are off by more than 15 seconds, or if an NTP server is not specified for each system in the symmetric deployment, the WebAccelerator system returns an error and halts the configuration synchronization. For specific information about configuring an NTP server, see the Configuration and Maintenance Tasks chapter of the Configuration Guide for the BIG-IP® WebAccelerator™ System.

Features introduced in version 10.0.0

Signed acceleration policies
This release of the WebAccelerator system introduces signed acceleration policies. A signed acceleration policy is created, certified, encrypted, and provided to you by its author, such as a consultant or vendor. You can also create your own signed acceleration policy by signing a user-defined acceleration policy. You can import a signed acceleration policy into any other WebAccelerator system running version 10.0.0. Unlike pre-defined or user-defined acceleration policies, you cannot view, add, or modify rules for a signed acceleration policy. For more information, see the Overview of Acceleration Policies chapter in the Policy Management Guide for the BIG-IP® WebAccelerator™ System.

Important: Signed acceleration policies are not compatible with versions prior to 10.0.0. If you attempt to import a signed acceleration policy into a WebAccelerator system that is running a version prior to 10.0.0, the acceleration policy appears on the Policies screen and is available for assignment to an application, but the signed acceleration policy does not contain any configured acceleration rules.

New name for the BIG-IP® WebAccelerator™ System Administrator GuideThe BIG-IP® WebAccelerator™ System Administrator Guide is now called Configuration Guide for the BIG-IP® WebAccelerator™ System..

Object types
Starting in this release, you can view and modify pre-defined object types, as well as create new user-defined object types, from the Object Types screen. For more information, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAccelerator™ System.

URL normalization settings
Starting in this release, you can view and modify URL normalization settings from the URL Normalization screen. For more information, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAccelerator™ System.

Connections rules (CR107174)
The Connections rules tab is removed from the Policy Editor. You now configure connection settings, such as those for OneConnect and NTLM, from the interface of the BIG-IP® Local Traffic Manager. For more information about how to configure connection settings, see the Using Additional Profiles chapter of the Configuration Guide for BIG-IP® Local Traffic Manager™.

New name for the pre-defined acceleration policy, Oracle Portal (CR100065)The pre-defined policy previously known as Oracle Portal is now called, Oracle AS 10g Portal.

Support for the 8900 platform
With this release, you can install BIG-IP® WebAccelerator™ system version 10.0.0 on the 8900 platform. For more information about the 8900 platform, see Platform Guide: 6900 and 8900 on the AskF5 Knowledge Base web site.

Application Security Manager and WebAccelerator system integration
With this release, you can install the WebAccelerator system and the Application Security Manager on the same local traffic virtual server. The BIG-IP® Application Security Manager is designed to protect mission-critical enterprise web infrastructure against application-layer attacks, and to monitor the protected web applications. You can run the WebAccelerator system with the Application Security Manager on only the 6900 and 8900 platforms. For more information about the Application Security Manager, see the Configuration Guide for BIG-IP® Application SecurityManagement, the Securing and Accelerating HTTP Traffic with ASM and WA chapter of the BIG-IP® Local Traffic Manager: Implementations guide, and the BIG-IP® Application Security Manager Release Note on the AskF5 Knowledge Base web site.

Protocol Security Module and WebAccelerator system integration
With this release, you can install the WebAccelerator system and the Protocol Security Module on the same local traffic virtual server. The BIG-IP® Protocol Security Module is designed to perform protocol security checks for the HTTP protocol. You can run the WebAccelerator system with the Protocol Security Module on only the 6900 and 8900 platforms. For more information about the Protocol Security Module, see the Configuration Guide for BIG-IP® Protocol SecurityModule, the the Securing and Accelerating HTTP Traffic with PSM and WA chapter of the BIG-IP® Local Traffic Manager: Implementations guide, and the BIG-IP® Protocol Security Module Release Note on the AskF5 Knowledge Base web site.

Ghostscript software (CR118488)
This release contains the Ghostscript software, an interpreter for the PostScript language and for PDF. Ghostscript is covered under the GNU Lesser General Public License (LGPL). For more information about LGPL, see http://www.gnu.org/licenses/lgpl.html.

Fixes introduced in version 10.2.0

This release includes the following fixes.

ESI support for remote host content required (CR134226)
ESI inline statements are served from the default BIG-IP Local Traffic Manager pool when the base page is requested by the WebAccelerator system. By default, the WebAccelerator system constructs the inline proxy request with the default pool member's IP as host. This functionality now supports external ESI content, as well. The content record stores the details of the host that served the content. Additionally, a DNS lookup for the host is included in the inline statement.

Fixes introduced in version 10.1.0

This release includes the following fixes.

503 error codes or interruption in service (CR116341)
In previous releases, if the WebAccelerator system received a request while simultaneously performing an internal process, it returned a 503 error code. This issue no longer occurs.

Error messages after relicensing a system with the Application Security Manager (CR116426)
Previously, if you licensed a WebAccelerator system with the Protocol Security Module, and then remove the Protocol Security Module license and relicensed the WebAccelerator system with the Application Security Manager, you received reset errors. This issue has been resolved and you no longer receive reset errors.

Host names (CR118437)
Previously, the WebAccelerator system was unable to properly manage URLs that contained host names with a leading digit, such as https://www.1myserver.com. This issue is resolved and the WebAccelerator system can now process host names that begin with a digit, including unmapped host names.

X-PvInfo header code S10232 (CR121106)
Previously when an acceleration rule prompted the WebAccelerator system to send a request to the origin web server, the X-PvInfo header in the response did not indicate whether the content that the WebAccelerator system had cached was still valid. Starting in this release, when the WebAccelerator system sends a request to the origin web server and the cached content is still current, the WebAccelerator system places a new code, S10232, in the X-PvInfo header indicating that the content was served from Smart Cache. Conversely if the content is expired, the WebAccelerator system provides the new content and returns the S10202 code in the X-PvInfo header, indicating that the WebAccelerator system received new content from the origin server.

For information about using X-PvInfo headers, see the Troubleshooting chapter of the Configuration Guide for the BIG-IP® WebAccelerator™ System. For definitions of each X-PvInfo response header code, see the Using HTTP Headers chapter of the Policy Management Guide for the BIG-IP® WebAccelerator™ System.

Object Types synchronization in a symmetric deployment (CR122601)
In previous releases, object types were not synchronized between WebAccelerator systems in a symmetric deployment. Starting in this release if you modify an existing object type's settings or create a new object type, those changes synchronize with all other WebAccelerator systems in a symmetric deployment. For more information about managing object types, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAccelerator™ System.

Fixes introduced in version 10.0.0

This release includes the following fixes.

Invalidating content for a specific application (CR84569)
Previously, if you invalidated content for a specific application, the BIG-IP® WebAccelerator™ system invalidated the Hot Cache for all applications. Starting in this release, the WebAccelerator system properly invalidates content only for the specified application.

Unexpected proxy reply message after log rotation (CR92646)
In previous releases, the message, Unexpected proxy reply from %TMM, erroneously displayed in the /var/log/ltm file after the WebAccelerator system rotated the log files in the access directory. This issue is resolved and the message no longer displays.

Known issues

The BIG-IP® WebAccelerator™ system version 10.1 release contains the following known issues. Known issues are cumulative, and include all known issues for a release.

Modifying settings for the http-acceleration profile(CR76031)
If you make changes to the http-acceleration profile settings, Minimum Object Size, Maximum Object Size, URI Caching, and Ignore Headers, it adversely affects the way the BIG-IP® WebAccelerator™ system manages HTTP traffic for your site. You should not modify these settings. For more information about the default settings, refer to SOL8780: The default RAM Cache settings for the http-acceleration profile should not be modified.

Support for Basic and Digest Authentication scheme (CR80537)
The BIG-IP® WebAccelerator™ system does not currently support the Basic and Digest Access Authentication schemes. To ensure that clients receive properly authenticated content, enable the proxying rule option, Always proxy requests for this node, for the acceleration policy that is assigned to the application that is using Basic and Digest Access Authentication schemes. See Enabling the always proxy option, in the Workarounds for known issues section.

Synchronizing configuration changes in a symmetrical deployment (CR80763)
If the comm_srv system process is down on a BIG-IP® WebAccelerator™ system in a symmetrical deployment, and you make changes to other BIG-IP® WebAccelerator™ systems in the symmetrical deployment, the configuration changes may not synchronize properly.

Reporting the status of an origin web server in a symmetric deployment (CR80878)
In a symmetric deployment of BIG-IP® WebAccelerator™ systems, a BIG-IP® Local Traffic Manager http monitor on the remote WebAccelerator system does not properly report the status of the origin web server located behind the central WebAccelerator system. To work around this issue, monitor the status of the origin web server, through the BIG-IP® Local Traffic Manager's http monitor, only on the central WebAccelerator system. For more information about configuring and using http monitors, see the Configuration Guide for BIG-IP® Local Traffic Manager™.

Destination hosts for WebAccelerator systems in a symmetric deployment (CR81083)
Destination hosts are not supported for BIG-IP® WebAccelerator™ systems in symmetric deployments. To use destination hosts, you must configure pools through the BIG-IP® Local Traffic Manager™. For information about configuring pools, see the Configuration Guide for BIG-IP® Local Traffic Manager™.

Unmapped host processing in a symmetrical deployment (CR81084)
When configured in a symmetrical deployment, the BIG-IP® WebAccelerator™ system does not properly process requests for unmapped hosts.

Synchronizing changes to a user-defined acceleration policy for a symmetrical deployment (CR81333)
If you modify a user-defined acceleration policy on a BIG-IP® WebAccelerator™ systems in a symmetrical deployment, and you do not publish the policy before you synchronize the configuration, your changes may be lost. To avoid losing configuration changes to user-defined acceleration policies, always publish the policy you changed before you synchronize the BIG-IP® WebAccelerator™ systems in a symmetrical deployment.

Hit logs for normalized documents (CR81698)
The hit log does not currently report statistics for documents on which the BIG-IP® WebAccelerator™ system has performed URL normalization.

HTTP logging report for content served from Hot Cache (CR81829)
The logging feature does not currently report requests that the BIG-IP® WebAccelerator™ system has served from Hot Cache (previously known as RAM Cache).

Removing an http class profile from a virtual server (CR85606)
If you remove an http class profile from the BIG-IP® Local Traffic Manager system's virtual server's resources, the BIG-IP® WebAccelerator™ system may continue to accelerate traffic. To resolve this issue, restart the pvac service using the bigstart restart pvac command. Traffic flow may momentarily halt while the service restarts.

PDF linearization (CR95401)
The WebAccelerator system performs PDF linearization on all PDF documents. This setting cannot currently be changed through the user interface, but can be changed by modifying the globalfragment.xml file.

Access to the Configuration utility after modifying provisioning (CR105976)
If you provision or de-provision the WebAccelerator system, the Configuration utility restarts. During this time the Configuration utility is temporarily unavailable. Once the Configuration utility has restarted, it prompts you to continue.

Response code for content served from cache (CR106567)
When running on a platform with multiple CPUs, the WebAccelerator system may serve responses only from Smart Cache (indicated by the S10101 code in the X-PvInfo header), until the Hot Cache associated with each CPU is populated. Platforms with multiple CPUs include: 3600, 3900, 6400, 6800, 6900, 8400, 8800, and 8900.

Importing a policy when the /shared file system is full (CR106990)
If you import an acceleration policy when the /shared file system is full, the acceleration policy appears on the Policies screen, but does not appear in the policies list for an application; therefore, you cannot assign the imported policy to an application. To resolve this issue, free additional space in the /shared file system.

Exception error when publishing a modified acceleration policy in a symmetric deployment (CR107173)
If you modify the same acceleration policy on both the remote and central WebAccelerator systems in a symmetric deployment and then attempt to publish them simultaneously, the WebAccelerator system returns an exception error.

Invalidating cached content for unmapped hosts (CR108671)
If you manually invalidate cached content for unmapped hosts, the WebAccelerator system invalidates cached content for all applications.

Changing the time for the system clock (CR110577)
If you change the time on the system clock, the WebAccelerator services pvac and comm_srv may restart, temporarily halting traffic to your applications. In order for you to avoid this issue, F5 Networks recommends that you change the system clock only when the WebAccelerator system is offline and not processing requests.

http-acceleration profile compression setting (CR123170)
If you enable the Compression setting for the http-acceleration profile, the BIG-IP® WebAccelerator™ system no longer compresses content, regardless of the acceleration policy settings. To avoid this issue, do not modify the http-acceleration profile's Compression setting.

Insufficient disk space and provisioning failure (CR128875)
If you perform an operation that requires loading the configuration on a volume that has insufficient disk space to contain it, the operation fails at the module-provisioning step. Depending on the modules you provision and the space available, the failure might occur when rolling forward a configuration at installation, running bigpipe config install <config.ucs>, or provisioning modules in a command line operation. When the provisioning failure occurs, the system logs a message in the /var/log/ltm file: 01071008:3: Provisioning failed with error 1 - 'Disk limit exceeded. MB are required to provision these modules, but only MB are available.' To recover, free up sufficient disk space by removing unneeded volumes using the command: bigpipe software desired HDn.n delete, and then try the operation again.

Cannot invalidate application (CR132771)
If you create a virtual server enabled for WebAccelerator Module that does not use the pre-defined http-acceleration profile, you cannot invalidate the web application defined for the virtual server.

Frame URL Normalization Method is deprecated (CR134815)
The Frame setting for URL Normalization Method on the URL Normalization page does not function and is deprecated.

Clearing cache with wa_clear_cache can restart hds_prune (CR136453-1)
If you run the wa_clear_cache script to delete the WebAccelerator disk cache while hds_prune is pruning the cache, the hds_prune process can fail and restart. To avoid this issue, shut down hds_prune before running the wa_clear_cache script.

Specially created PNG file may cause libpng to stall or fail (CR137225)
When a PNG file contains a highly compressed ancillary chunk, libpng can stall or fail.

Policy navigation tree is unavailable when booting from 10.1 to 10.2 (CR137453)
When the system is booting from version 10.1 to 10.2, the Policy Editor appears blank on the left side, except for a small rectangular bar at the very top of the policy navigation tree area. To correct this problem, refresh the policy navigation tree, or close and reopen all browser windows.

Controls hidden when importing signed policy (CR139014)
If you sign a user-defined acceleration policy that has been published, and attempt to import the signed acceleration policy, the message You are attempting to import a Signed Acceleration Policy that will overwrite a Pre-Defined or User-Defined Policy. Do you wish to proceed? is hidden, preventing the ability to click Yes or No.

RamCache expiration that exceeds WebAccelerator expiration prevents re-enabling MultiConnect (CR139143)
If content in RamCache has an expiration that is longer than the expiration in WebAccelerator cache, MultiConnect cannot be re-enabled until the RamCache content expires.

URL Authorization Method does not function when Require Authorization is enabled (CR133821)
The URL setting for Authorization Method on the URL Normalization page does not function when Require Authorization is set to Yes.

Header is modified when using Cache-Control: no-transform (CR136185)
When an origin web server sends a Cache-Control: no-transform header in response to a request, the WebAccelerator system modifies the header. Clearing the Ignore no-cache HTTP headers in the request check box and the Ignore no-cache HTTP headers in the response check box on the Lifetime tab does not prevent the header from being modified.

WA IBR not applied to images in form input (ID 222510)
When using Intelligent Browser Referencing or MultiConnect functionality to accelerate images, using a form input may produce inconsistent results.

wam_add.pl script uses TCP echo-style ping (ID 353432)
In a symmetric deployment, the remote and central WebAccelerator systems communicate over port 4353 and exchange SSL certificates over port 22. If a firewall exists between these systems, you must modify its configuration so that port 4353 and port 22 are open. If you fail to open these ports, the central and remote WebAccelerator systems cannot properly exchange SSL certificates or synchronize. Additionally, TCP echo port 7 is required when setting a symmetric deployment to run /usr/local/wa/scripts/wam_add.pl and use Perl's NET::Ping, which defaults to a TCP ping.

Workarounds for known issues

The following section describes the workaround for the corresponding known issue listed in the previous section.

Configuring the always proxy feature (CR80537)

If you are using Basic and Digest Access Authentication schemes for certain applications, you must enable the always proxy feature for the user-defined acceleration policy assigned to those applications. For information about this known issue, see Support for Basic and Digest Authentication scheme.

Enabling the always proxy option

On the Main tab of the navigation pane, expand WebAccelerator and click Applications.
The Applications screen opens in a new window.

On the Main tab of the navigation pane in the new window, click Policies.
The Policies screen opens, displaying a table of user-defined and pre-defined acceleration policies.

On the User-defined Acceleration Policies table, click the name of the acceleration policy that you want to edit.
The Policy Editor screen opens.

On the Policy Tree, click the node for which you want to enable the always proxy option.

In the Proxying Options section, click the button next to Always proxy requests for this node.

Click the Save button.

For the new policy to be in effect for your site, you must publish it. For more information, see Chapter 3, Using Acceleration Policies, in the Policy Management Guide for the BIG-IP® WebAccelerator™System. Once you publish the acceleration policy, the BIG-IP® WebAccelerator™ system sends all matched requests to the origin server for content.